integrate with existing ufw firewall

I added 2 nameservers to a 3.1 multiserver installation, and those servers already had ufw configured in them prior to installing ispconfig, with the simple rules below. I chose `Configure Firewall Server: y` during install, and the Server Config is set to ufw firewall, but any changes to firewall records for these servers do not propagate to the live firewall rules. Any pointers on how to get ispconfig's ufw rules to take over the locally configured rules?

I did run server.sh in debug mode and it shows changes propagate to the database (port 1234 is test):

Please check if the firewall_plugin.inc.php is enabled in /usr/local/ispconfig/server/plugins-enabled/


Indeed it was/is not on these two servers. It seems inconsistent among the 5 ispconfig servers I have; what creates that symlink? I'm sure I did something wrong... but one thing that seems curious is at one time I had a combined ispconfig control panel + web server, I cloned that container and split the two functions and now one of the cloned containers has firewall_plugin.inc.php enabled, while the other doesn't. I've done separate ispconfig_update.sh runs for each container of course, but I know for sure they both had the Firewall enabled on the initial install, as it was before cloning the container.

I just re-ran an update, chose to reconfigure selected services, and saying 'n' there doesn't remove the firewall plugin, nor does saying 'y' there add it. So no idea why those are inconsistent, but it's an easy clean/fix.

A note for anyone incorporating ispconfig with an existing ufw firewall: in a little testing it seems ispconfig can manage (add/remove) only ufw rules that have a port number and protocol set, so if your existing firewall uses the 'DNS' app profile, you cannot remove that, or if your existing rules allow just port '53' it likewise cannot be removed. For either case just remove the rule and add 53/tcp and 53/udp, and ispconfig will be able to manage those (though it doesn't read in the list of currently allowed ports).
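
The two checks from this thread as an added example (not code from the posters or from ISPConfig): confirm the firewall plugin is enabled, then list existing ufw rules that have no explicit port/protocol, which per the note above ISPConfig could not manage. The function names and the sample `ufw status` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check before letting ISPConfig manage ufw.

# True if the firewall plugin is enabled in the given plugins-enabled
# directory (defaults to the path quoted in the thread).
firewall_plugin_enabled() {
    dir=${1:-/usr/local/ispconfig/server/plugins-enabled}
    [ -e "$dir/firewall_plugin.inc.php" ]
}

# Reads `ufw status` text on stdin and prints the "To" field of every rule
# that is not an explicit <port>/<tcp|udp> target (app profiles such as DNS,
# or bare ports such as 53). IPv4 and "(v6)" twins are reported once.
unmanaged_ufw_rules() {
    awk '
        # Only rule lines carry an action keyword; headers do not.
        match($0, /[ \t]+(ALLOW|DENY|REJECT|LIMIT)([ \t]+(IN|OUT|FWD))?[ \t]+/) {
            to = substr($0, 1, RSTART - 1)
            sub(/[ \t]*\(v6\)$/, "", to)   # strip the IPv6 marker
            sub(/^[ \t]+/, "", to)
            if (to !~ /^[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*\/(tcp|udp)$/ && !seen[to]++)
                print to
        }
    '
}

# Constructed sample of `ufw status` output (not taken from the thread).
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
DNS                        ALLOW       Anywhere
53                         ALLOW       Anywhere
1234/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
DNS (v6)                   ALLOW       Anywhere (v6)
53 (v6)                    ALLOW       Anywhere (v6)
EOF
}

# On a real server: ufw status | unmanaged_ufw_rules
sample_ufw_status | unmanaged_ufw_rules
```

Each rule it prints is a candidate for the remove-and-re-add step described above, for example replacing `DNS` or `53` with `53/tcp` and `53/udp`.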